Virtually any major web application that is accessible today uses tokens to authenticate a user requesting access to the application/API. The use of tokens allows a user to access multiple servers after only a single login, rather than having to log into each server that the user attempts to access. But clients have to store and transmit tokens, which means that tokens are susceptible to being stolen and presented to gain unauthorized access to a secure system. Furthermore, such token-based techniques require calls to trusted identity servers to authenticate tokens when they are presented.